CVE-2017-10623

Summary

Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos Spaceversions prior to 17.1R1affected

Weaknesses

  • insufficient verification

Workarounds

There are no viable workarounds for this issue. It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts.

ADP Enrichment

CVE Program Container

Additional References

References